The LEGACY_IMAGE_FORMAT defaults to 'y' if there is no FIT
support, which happens after applying the default configuration.
Then, the FIT support is added in a config fragment, but the
LEGACY_IMAGE_FORMAT is not disabled.
Disabling this is recommended to avoid the possibility to boot
unsigned legacy images.
Signed-off-by: Hector Palacios <hector.palacios@digi.com>
The U-Boot bootscript loads the fitImage into RAM memory to run
this bootscript. This bootscript ends up calling 'dboot' command
to run the FIT default configuration.
To avoid 'dboot' re-loading again the fitImage into RAM memory,
set this temporary variable that will be immediately reset
by 'dboot'.
Signed-off-by: Hector Palacios <hector.palacios@digi.com>
This commit adds several overlays for DVK v2 and modifies the boot script to apply it
based on the board_version variable.
https://onedigi.atlassian.net/browse/DEL-8746
Signed-off-by: Arturo Buzarra <arturo.buzarra@digi.com>
This commit adds signed FIT image support for the CCMP1
platforms when using Trustfence.
https://onedigi.atlassian.net/browse/DEL-8591
Signed-off-by: Mike Engel <Mike.Engel@digi.com>
Use the intention of installing dual boot firmware as a condition to set
bootlimit=3 so that the bootcount mechanism is enabled.
Signed-off-by: Hector Palacios <hector.palacios@digi.com>
https://onedigi.atlassian.net/browse/DUB-1058
During firmware install, the target may be reset several times.
We don't want the bootcount to count these as boot attempts.
This was done in a791bb4463 for the ccmp1
but not for the rest of platforms.
Signed-off-by: Hector Palacios <hector.palacios@digi.com>
Improve boot attempts message showing not only the current boot attempt
but also the limit:
(boot attempt 1/3)
Print the message only when the bootcount mechanism is active, i.e. when
the bootlimit is defined (not zero), and when bootcount is > 0.
Signed-off-by: Hector Palacios <hector.palacios@digi.com>
https://onedigi.atlassian.net/browse/DUB-1056
The STM signtools are precompiled binaries with a fixed RPATH to look for
dynamic libraries.
When the binaries are installed to the regular ${bindir} (either native or
nativesdk), additional toolchain libraries in the regular ${libdir} folder
confuse the binaries, resulting in segmentation faults when running them
or missing symbols.
The package has been reworked to place the directory structure expected
by the binaries, in a subfolder "stm" within the ${bindir}.
Two wrapper scripts with the names of the binaries (STM32MP_KeyGen_CLI and
STM32MP_SigningTool_CLI) have been created to run the binaries in the new
subfolder.
Package version has been bumped to 1.1.
While on it, remove the 'do_install' from trustfence-stm-signtools.inc
which is not needed because the 'bin_package' class already provides the
same functionality.
Signed-off-by: Hector Palacios <hector.palacios@digi.com>
https://onedigi.atlassian.net/browse/DEL-8720
Some platforms do not support signing external artifacts (kernel, dtb,
etc.) yet, so we need to decouple the signing of the bootloader from the
signing of the external artifacts.
This commit generalizes the code, so instead of having platform exceptions
scattered along the recipes, we create a new variable used conditionally
to sign or not the external artifacts.
Signed-off-by: Javier Viguera <javier.viguera@digi.com>
This version supports i.MX8ULP and i.MX9x devices.
NOTICE: changed the "srk_ca" parameter in ahab_pki_tree.sh from "yes" to
"no". This script is shared between cc8x and ccimx93. The imx93 does not
support that option at the moment (generation of subordinate SGK certs)
and for the cc8x we were generating them but never used them to sign
the artifacts.
Signed-off-by: Javier Viguera <javier.viguera@digi.com>
Merge the patches for the PKI tree generation scripts, to ease
maintenance (still keeping two separate patches for HAB4/AHAB).
Signed-off-by: Javier Viguera <javier.viguera@digi.com>
If the default r/w rootfs is not found it will try to do a
fallback to the squashfs image.
In the nand devices additionally we need to set the rootfstype
to squashfs.
https://onedigi.atlassian.net/browse/DEL-8638
Signed-off-by: Francisco Gil <francisco.gilmartinez@digi.com>
When booting from a microSD, the variable 'boot_device' is
set to "mmc". Check this to fall back to booting Linux from
the microSD partitions.
Signed-off-by: Hector Palacios <hector.palacios@digi.com>
Until now, for dualboot systems, all boot variables were calculated on each boot depending on the value of the
'active_system'. These variables are used to boot the device but were not saved, which could lead to a missmatch
between their value in the environment and their required values to correctly boot the system. This commit
simplifies a bit the variables calculation and adds a block to synchronize their value in the environment.
Signed-off-by: David Escalona <david.escalona@digi.com>
All the 'altboot' script functionality has been moved directly to the 'altbootcmd' command
in U-Boot, so this script is no longer necessary. Remove it for all platforms.
https://onedigi.atlassian.net/browse/DEL-8674
Signed-off-by: David Escalona <david.escalona@digi.com>
The install scripts from SD/USB use a fixed image name.
If you are trying to install a different image you need to set
the env variable 'image-name' first.
Add a helper message if default files are not found to
avoid needing to go to the documentation.
Signed-off-by: Hector Palacios <hector.palacios@digi.com>
During firmware install, the target may be reset several times.
We don't want the bootcount to count these as boot attempts.
Signed-off-by: Hector Palacios <hector.palacios@digi.com>
The 'bootcount' value is now incremented and stored in the system on every boot and
not only then the 'upgrade_available' flag is set. Also, ensure the value is cleared
when the 'altboot' script is executed by running the new U-Boot command 'bootcount reset'.
https://onedigi.atlassian.net/browse/DEL-8506
Signed-off-by: David Escalona <david.escalona@digi.com>
When TrustFence is enabled, a PKI tree is generated.
In the case of NXP platforms, the PKI contains public certificates
from which the public key needs to be extracted using an openssl
command.
In the case of STM platforms, the PKI contains directly the
public key.
In all cases, we need the public key to be installed in the
rootfs /etc/ssl/certs/ folder, so that it can be used by
swupdate to authenticate signed SWU packages.
Up to now, this was being done on the dualboot recipe, but the
installation of the public key should really be only dependant
on the fact of TF being enabled.
This commit:
- Removes the generation of the public key from dualboot.bb.
- Generates a patch to extract the public key from the certificate
as part of the PKI tree generation (on NXP platforms).
- Installs the public key during a post install function after
the final rootfs has been created.
- For NXP platforms, extracts the public key using openssl if
it does not exist (for backwards compatibility).
Signed-off-by: Hector Palacios <hector.palacios@digi.com>
When booting from recovery sdcard, in the imx93 the dualboot is yes by
default, so the mmcroot variable was not set correctly for the uSD.
If we boot from uSD, just assume all the system is in the uSD card, whether
it is a recovery system or a prepared uSD card for demo.
https://onedigi.atlassian.net/browse/DEL-8461
Signed-off-by: Isaac Hermida <isaac.hermida@digi.com>
Starting at kernel 6.1, the maxim98088 driver has been migrated
from the old imx-max98088.c driver to NXP’s new audio framework
fsl-asoc-card.c.
Update the sound stuff to match the new audio card and some of
the new controls.
https://onedigi.atlassian.net/browse/DEL-8596
Signed-off-by: Isaac Hermida <isaac.hermida@digi.com>
This includes NXP's code from the SCFW porting kit v1.15.0, support for
variants with 4 GiB of RAM and a fix for an issue when resuming from suspend.
https://onedigi.atlassian.net/browse/DEL-8604
Signed-off-by: Gabriel Valcazar <gabriel.valcazar@digi.com>
This commit adds support for environment encryption/decryption of the
u-boot environment on the CCMP1 platform in Linux.
Signed-off-by: Mike Engel <Mike.Engel@digi.com>
Regulatory domain is now provided as a Kernel parameter, and the
wlan driver uses it to select the correct BDF file, so we don't
need to change the symbolic links to point to one file or another
anymore.
https://onedigi.atlassian.net/browse/DEL-8360
Signed-off-by: Gonzalo Ruiz <Gonzalo.Ruiz@digi.com>
We can't run a post installation script in a readonly file system.
We need to provide a configuration file beforehand.
https://onedigi.atlassian.net/browse/DEL-8556
Signed-off-by: Francisco Gil <francisco.gilmartinez@digi.com>
We no longer need logic to determine the SOM's RAM size and bus width, we only
need to know the SOC revision, which is info that is always available.
Signed-off-by: Gabriel Valcazar <gabriel.valcazar@digi.com>
Now that both U-Boot and the SCFW can autodetect the RAM configuration, we can
simplify the imx-boot build process to generate two binaries (one per SOC
revision) instead of eight. Build "flash_spl" imx-boot images and use only one
global defconfig for u-boot.
Signed-off-by: Gabriel Valcazar <gabriel.valcazar@digi.com>
This update includes automatic RAM configuration detection, and only one SCFW
binary is needed for all ccimx8x variants. Adapt the imx-boot recipe
accordingly.
Signed-off-by: Gabriel Valcazar <gabriel.valcazar@digi.com>
For the ccimx8x, we changed the order of the steps in do_deploy() from:
Deploy -> Rename files -> Move binaries
To:
Deploy -> Move binaries -> Rename files
When it's time to rename the files, they won't be in their original place and
the process will fail. Make sure we move the files after they've been renamed
to avoid errors.
Also, one move operation is enough for all artifacts, so remove the second
operation.
Signed-off-by: Gabriel Valcazar <gabriel.valcazar@digi.com>
There are two different firmware files for Bluetooth on Murata's type2AE
module:
- JRL: It configures a Bluetooth TxPower of 7dB, to be used in Japan
only.
- FCC.CE: It configures a Bluetooth TxPower of 5dB, to be used in the
rest of the world.
To comply with the FCC requirement that it should not be possible to
configure different regulatory domains, or in this case configurations,
than FCC, only deploy the FCC.CE file by default:
- BCM4373A0_FCC.CE.hcd (md5sum: 1e287a3ab7f83e59352cb321315ea80f)
This file reports the following information during boot time:
Bluetooth: hci0: 89373 UART 37.4 MHz wlbga_BU sLNA muRata Type 2EA 5dBm 20220608-0103
Bluetooth: hci0: BCM4373A0 (001.001.025) build 0155
JRL file will be added via the Worldwide DEY patch addon that customers
can request from Digi.
https://onedigi.atlassian.net/browse/DEL-8453
Signed-off-by: Gonzalo Ruiz <Gonzalo.Ruiz@digi.com>
Replace the CLM blob file from Github, which supports several countries
with a custom US-only CLM blob file. This way, default images will only
have support for US regulatory domain, therefore complying with FCC
requirements.
The Worldwide CLM blob file will be provided by Digi International on
request.
https://onedigi.atlassian.net/browse/DEL-8453
Signed-off-by: Gonzalo Ruiz <Gonzalo.Ruiz@digi.com>
We can't run a post installation script in a readonly file system.
We need to provide a configuration file beforehand.
https://onedigi.atlassian.net/browse/DEL-8556
Signed-off-by: Francisco Gil <francisco.gilmartinez@digi.com>
This commit modifies the boot script condition to apply the overlay for MCA
based on HWID MCA field.
https://onedigi.atlassian.net/browse/DEL-8521
Signed-off-by: Arturo Buzarra <arturo.buzarra@digi.com>
Hector Palacios
Arturo Buzarra
Javier Viguera
Mike Engel
Isaac Hermida
Francisco Gil
David Escalona
Gonzalo Ruiz
Gabriel Valcazar